- Clayton connects into your code repository, not your CRM, keeping your data untouched.
We keep your code secure.
Clayton keeps your source code and data encrypted at all times, both in transit and at rest.
No access to CRM data
Encryption in transit
- All web session and file transfer occur over HTTPS only, using encrypted connections at all times.
- Integrations with third party systems occur via API or WebService over HTTPS, using encrypted connections at all times.
- We will never integrate any system that does not provide a fully encrypted API.
- Real-time integrations are achieved via secured webhooks over HTTPS, using certificate verification at both ends wherever possible.
Handling of source code and encryption at rest
- Source code to be analysed is fetched only upon request by our code review workers and is kept encrypted at all times.
- The encrypted source code may be kept by our code review workers, normally for a few hours after every review, in order to quickly process subsequent reviews.
- We never process or access any source code from within our web app, nor store any source code in our web application database.
- Only pointers and metadata about the code reviews - such as file names and line numbers - are persisted in our database.
- API requests for code reviews are processed only if source and tenants are verified, and at no point your source code is moved as part of these requests.
Access to your version control system
- Clayton connect and integrate into your version control system via APIs. All sessions are authenticated using OAuth (Web Server and JWT grant mechanisms).
- Users must explicitly grant Clayton access before it can connect to any repositories.
- Access tokens and permissions to access any repositories are managed by your version control system, and can be revoked at any time.
- Clayton does not retain or store any usernames, passwords or SSH keys for accessing your version control systems or their APIs.
- Users can revoke their access tokens at any time directly from within their version control system.